Virtual IP's on Bonded ADSL
-
We have a client with bonded ADSL, where the 2 bonded channels both present the same /29 public IP address range - this is done by the ISP so that if either channel falls over, the other channel is completely capable of presenting all the inbound traffic to the one remaining active interface.
In theory, it's a great system, but I can't wrap my head around how to define the extra virtual IP addresses in PfSense.
I've defined 2 PPPoE WAN connections and these connect ok, but realistically they occupy the same IP space, so at the moment I have a Virtual IP table not dissimilar to this:
Public IP Interface
x.x.x.1 WAN1
x.x.x.2 WAN2
x.x.x.3 WAN1
x.x.x.4 WAN2Again, this will work to present the inbound traffic to an interface that's capable of dealing with it, but in the event that a WAN link goes down, so does its associated Public IP's. This is NOT GOOD and completely defeats the point of the bonded ADSL in the first place. I've tried to set up replica Virtual IP's so that it would look like the follwing (in theory):
x.x.x.1 WAN1
x.x.x.1 WAN2
x.x.x.2 WAN1
x.x.x.2 WAN2But, unsurprisingly when I try to duplicate the virtual IP's, I told that it's already assigned to another interface, which I can fully understand.
Is there any way, at all, to get this working ? I guess what I'm looking for is a way to bond downstream WAN connections - I already know how to do the upstream with Routing Groups, but can't see how to tell PfSense to treat both WAN connections as a single entity.
Thanks
-
If its bonded you should only have 1 wan address… ??
-
Yes, we do - one IP address which is presented to both WAN1 & WAN2 interfaces by the ISP, so inbound traffic can route down either physical piece of copper. As well as this, we also have a /29 subnet of routable IP's assigned to us (via the same bonded broadband and is subject to the same 'mirroring' as our WAN ip), which is not contiguous with our WAN ip (WAN ip ends .69, /29 goes from .249 to .253).
If all I wanted to do was route the WAN ip then we'd be fine. However, we need to NAT for inbound on some of the routable IP's, for which I need to allocate virtual IP's on the pfsense box.
If pfsense isn't actually bothered about which physical interface the traffic comes in on, as long as the IP info is correct, then I guess I could just assign all the VIP's to WAN1, but I don't want to put ourselves in a position where if WAN1 fails, but WAN2 is still up, we don't get any of our inbound traffic.